travis-build.sh: import GPG key, but don't decrypt

ctrueden · ctrueden · commit 2605abf535f1 · 2017-10-21T22:28:08.000-05:00
The decryption will be done in the before_install phase, as
specified in the .travis.yml. This is what "travis encrypt-file"
sets up when you pass "--add". It is a nice way to do it because
the environment-specific stuff all stays in .travis.yml at the end,
and we do not need to pass key and iv values into travis-build.sh.
diff --git a/travis-build.sh b/travis-build.sh
@@ -53,14 +53,13 @@ cat >"$settingsFile" <<EOL
 </settings>
 EOL
 
-# Populate the GPG signing key.
+# Import the GPG signing key.
 keyFile=.travis/signingkey.asc
 if [ "$TRAVIS_SECURE_ENV_VARS" = true \
 	-a "$TRAVIS_PULL_REQUEST" = false \
-	-a -f "$keyFile.enc" -a -e "$1" -a -e "$2" ]
+	-a -f "$keyFile" ]
 then
-	echo "== Decrypting GPG keypair =="
-	openssl aes-256-cbc -K "$1" -iv "$2" -in "$keyFile.enc" -out "$keyFile" -d &&
+	echo "== Importing GPG keypair =="
 	gpg --batch --fast-import "$keyFile" --passphrase "$GPG_PASSPHRASE"
 fi
 
